Haitham Gad, AWS Developer in San Diego, United States
Haitham Gad

AWS Developer in San Diego, United States

Member since July 15, 2022
Haitham is a senior AWS engineer with over 15 years of experience building products and services for several enterprises. Haitham spent over five years as a software engineer at AWS and helped build and launch Amazon GuardDuty, AWS's intelligent threat detection, and security monitoring service. Haitham's work was instrumental in accelerating GuardDuty's adoption by thousands of AWS customers like Snap, HBO Max, Siemens, Volkswagen, and Southwest Airlines.
Haitham is now available for hire

Portfolio

Experience

Location

San Diego, United States

Availability

Full-time

Preferred Environment

Python, Node.js, Amazon Web Services (AWS), Serverless Architecture, Cloud Security

The most amazing...

...thing I've built is Amazon GuardDuty, AWS's intelligent cloud threat detection service, which was quickly adopted by the majority of big-name AWS customers.

Employment

  • Principal Consultant

    2022 - PRESENT
    Self-employed
    • Helped a client build an AWS Control Tower landing zone and connected their Google Workspace identities to AWS SSO. Also helped them establish security best practices in the form of Control Tower detectives and preventive guardrails.
    • Helped a client build deployment pipelines using both AWS CodePipelines and GitHub actions, all written in the AWS CDK. Also built a pipeline for the client to deploy resources to all AWS Organization accounts using CloudFormation StackSets.
    • Performed forensic investigation for a security incident where a client lost access to a production S3 bucket. I gave the client detailed advice on how they should proceed from there to mitigate the incident and make sure it doesn't happen again.
    • Helped a client perform a security assessment for their production AWS environment and submitted an assessment report with a list of severity-ranked findings that the client went back and addressed.
    Technologies: Node.js, Python, Amazon Web Services (AWS), AWS, Web Security, Cloud Security, Security Testing, Secure Coding, Web App Security, Security Audits, MongoDB, Infrastructure as Code (IaC), AWS Cloud Development, AWS CloudFormation, Back-end Development, Back-end, Functional Programming, DevOps, AWS DevOps, Architecture, OpenAPI, Swagger, OAuth 2, JSON, JSON Web Tokens (JWT), PostgreSQL, Jinja, React, HTML, CSS, Flask, REST APIs, NoSQL, MySQL, SQL, Next.js, Full-stack, Full-stack Development, Technical Leadership, Terraform, Identity & Access Management (IAM), DevSecOps, Boto 3, Google Cloud Platform (GCP), Software Design, API Integration, Integration, CI/CD Pipelines, Git, GraphQL, Cloud Platforms, Engineering, Go, IT Security, Leadership, Requirements Analysis
  • Software Development Engineer

    2016 - 2022
    Amazon Web Services (AWS)
    • Developed, launched, and helped grow Amazon GuardDuty into an indispensable tool for Security Operations teams looking to secure their businesses' AWS footprint. GuardDuty is an intelligent threat detection and security monitoring service for AWS.
    • Built some of GuardDuty's high-value security detections end to end, from ideation, prototyping, testing, false positive reduction, operationalization, and launch. This includes privilege escalation, reconnaissance, and unauthorized access findings.
    • Created GuardDuty's multi-account functionality, allowing Security Operations teams to enable GuardDuty across all their organization's AWS accounts and aggregate findings in a central SecOps account.
    • Led the development and evolution of GuardDuty's control plane, including public APIs, SDKs, and CloudFormation resources, and set standards for API launch readiness.
    • Provided technical leadership and mentoring to multiple generations of GuardDuty software engineers.
    Technologies: AWS, AWS CloudFormation, AWS Security, Amazon GuardDuty, Java, Python, TypeScript, AWS Cloud Development, Apache Spark, Scala, Ruby, Serverless, REST, APIs, Microservices, Node.js, AWS IAM, C++, AWS CloudTrail, AWS Kinesis, AWS Lambda, Elasticsearch, Application Security, Amazon CloudWatch, Amazon SQS, Amazon SNS, Amazon S3 (AWS S3), Amazon ECS (Amazon Elastic Container Service), AWS Fargate, Amazon DynamoDB, Amazon Route 53, AWS Certificate Manager, Amazon API Gateway, AWS Glue, Dagger 2, Gradle, Program Management, Technical Program Management, Compliance, Web Security, Cloud Security, Amazon EC2 (Amazon Elastic Compute Cloud), Amazon Virtual Private Cloud (VPC), AWS Organizations, GRC, PCI DSS, PCI Compliance, HIPAA Compliance, GDPR, SOC Compliance, SOC 2, Web App Security, Amazon Elastic MapReduce (EMR), Threat Modeling, Secure Coding, Security Testing, Security Audits, API Design, Amazon Web Services (AWS), Serverless Architecture, Machine Learning, Software as a Service (SaaS), Linux, JavaScript, Databases, Back-end Development, Back-end, Functional Programming, DevOps, AWS DevOps, Architecture, OpenAPI, Swagger, OAuth 2, JSON, Jinja, React, HTML, CSS, REST APIs, NoSQL, Full-stack, Full-stack Development, Technical Leadership, Identity & Access Management (IAM), DevSecOps, Boto 3, Spark, Software Design, API Integration, Integration, CI/CD Pipelines, Git, Cloud Platforms, Engineering, Go, IT Security, Leadership, Requirements Analysis
  • Lead Software Engineer

    2012 - 2016
    Cadence Design Systems
    • Developed module generators, layout-only object generators such as dummies, guard rings, and polyfills, and place and route tools for the Cadence Virtuoso GXL physical layout suite.
    • Built a system for the assisted routing of physical layout devices, which accelerates the effort of routing components while allowing physical layout engineers to customize specific routing parameters.
    • Led module generator qualification efforts on TSMC's advanced node process design kits (PDKs), for example, TSMC 16nm and 10nm, which gave customers better confidence in adopting them.
    Technologies: Electronic Design Automation (EDA), C++, Lisp, Python, Compilers, Compiler Design, Linux, Databases, Functional Programming, Architecture, JSON, HTML, CSS, Technical Leadership, Software Design, API Integration, Legacy Software, Legacy Code, Integration, Git, Engineering, Requirements Analysis, Desktop App Development
  • Software Development Engineer

    2007 - 2012
    Mentor Graphics (Acquired by Siemens)
    • Built compilers and automations to help the custom IC design group accelerate PDK development for the foundries' advanced technology nodes, for example, TSMC 16nm.
    • Contributed to reducing the mentor's release cycle, from 7-8 weeks down to 4-5 days, for advanced node PDKs of key foundries like TSMC and GlobalFoundries.
    • Represented Mentor Graphics in the OpenPDK Coalition, an open coalition aiming to define a set of open standards to allow an OpenPDK to be created once and then translated into specific EDA vendor tools and specific foundry formats.
    • Trained Mentor Graphics' PDK development team on using new PDK automation systems and building foundry partnerships.
    Technologies: Electronic Design Automation (EDA), C++, Python, Compilers, Compiler Design, Linux, Databases, Functional Programming, Lisp, Architecture, JSON, HTML, CSS, Technical Leadership, Software Design, API Integration, Legacy Software, Legacy Code, Integration, Engineering, Requirements Analysis, Desktop App Development

Experience

  • Threat Intelligence Ingestion Service

    Built GuardDuty's threat intelligence ingestion service, an extensible microservice for ingesting various in-house, third-party and open source threat-intelligence feeds for use in finding generation decision logic.

    I developed control-plane APIs to define new ingestors when new threat intelligence feeds become available. I also developed configurable ingestion components that allow for initiating ingestion requests with various parameters and authentication options, transforming responses and dispatching results to different destinations.

    I built data-plane APIs to invoke ingestors on a schedule or as a response to some events, such as SNS notifications. I then used the control-plane APIs to define ingestors for various in-house, third-party, and open source threat-intelligence feeds required by GuardDuty.

    I deployed the service on serverless infrastructures, such as Amazon/AWS: ECS/Fargate, Lambda, Glue, API Gateway, and DynamoDB, defined using the AWS Cloud Development Kit (CDK).

  • AppSec Review Acceleration Program

    Led an AppSec review acceleration program within AWS GuardDuty that achieved the following results:

    • Reduced the AppSec review process timeline for new features from months to weeks.
    • Uncovered and mitigated several weaknesses in the service's security posture.
    • Worked with proactive security teams to mitigate very subtle and intricate attack vectors, including resource-level authorization, confused deputy protection, and cross-account access control.

    I provided continuous education to the GuardDuty team on authoring effective threat models, securing their infrastructure, and writing secure code. I also continuously educated the AppSec team on the security measures that govern GuardDuty's infrastructure components, AWS account settings, and DevSecOps practices.

  • Governance, Risk, and Compliance (GRC) Program

    Led GuardDuty's GRC program, helping achieve compliances and building solutions and processes for continuous adherence.

    I partnered with the GRC team to (1) understand the auditor requirements for different compliances and (2) identify the gaps in GuardDuty's infrastructure and process security that needed to be filled to achieve each compliance. I then led a group of engineers to implement mitigations for the identified gaps.

    Within the program, I helped GuardDuty achieve several compliances, including GDPR, SOC 2, Payment Card Industry Data Security Standard (PCI DSS), HIPAA, and Federal Risk and Authorization Management Program (FedRAMP).

    I also built solutions and processes to ensure GuardDuty is continuously adhering to all its existing security compliances.

Skills

  • Languages

    Python, TypeScript, Java, C++, JavaScript, Lisp, HTML, Scala, Ruby, CSS, SQL, GraphQL, Go
  • Frameworks

    Swagger, Jinja, Apache Spark, Dagger 2, OAuth 2, JSON Web Tokens (JWT), Next.js, Spark, Flask
  • Libraries/APIs

    Node.js, OpenAPI, REST APIs, React
  • Tools

    AWS CloudFormation, AWS IAM, AWS CloudTrail, Amazon SQS, Amazon ECS (Amazon Elastic Container Service), AWS Fargate, Amazon Virtual Private Cloud (VPC), Amazon CloudWatch, Amazon Elastic MapReduce (EMR), Boto 3, Git, AWS Glue, Gradle, Terraform
  • Paradigms

    REST, Microservices, Serverless Architecture, Functional Programming, DevOps, DevSecOps, Requirements Analysis, Desktop App Development, HIPAA Compliance, Compiler Design
  • Platforms

    AWS Lambda, Amazon EC2 (Amazon Elastic Compute Cloud), AWS Kinesis, Amazon Web Services (AWS), Linux, Google Cloud Platform (GCP)
  • Storage

    Amazon S3 (AWS S3), Amazon DynamoDB, Elasticsearch, Databases, JSON, NoSQL, MongoDB, PostgreSQL, MySQL
  • Industry Expertise

    IT Security
  • Other

    AWS, AWS Security, Amazon GuardDuty, AWS Cloud Development, Amazon SNS, Amazon Route 53, AWS Certificate Manager, Amazon API Gateway, Program Management, Technical Program Management, Application Security, Web Security, Cloud Security, AWS Organizations, GRC, Compliance, Web App Security, Serverless, APIs, Threat Modeling, Secure Coding, API Design, Software as a Service (SaaS), Infrastructure as Code (IaC), Back-end Development, Back-end, AWS DevOps, Architecture, Technical Leadership, Identity & Access Management (IAM), Software Design, API Integration, Legacy Software, Legacy Code, Integration, CI/CD Pipelines, Cloud Platforms, Engineering, PCI DSS, PCI Compliance, GDPR, SOC Compliance, SOC 2, FedRAMP, Security Testing, Security Audits, Compilers, Full-stack, Full-stack Development, Leadership, Machine Learning

Education

  • Bachelor's Degree in Electrical Engineering and Computer Science
    2001 - 2006
    Cairo University - Cairo, Egypt

Certifications

  • AWS Certified Security Specialist
    JANUARY 2022 - JANUARY 2025
    Amazon Web Services
  • Machine Learning
    DECEMBER 2014 - PRESENT
    Coursera
  • Compilers
    APRIL 2013 - PRESENT
    Coursera

To view more profiles

Join Toptal
Share it with others